pspete / psPAS

PowerShell module for CyberArk Privileged Access Security REST API
https://pspas.pspete.dev
MIT License

Invalid JSON Primitive #36

Closed wildunknown closed 7 years ago

wildunknown commented 7 years ago

https://github.com/pspete/psPAS/blob/eda86afcf8caffcf05172061053835ab31c8e0fb/Private/Invoke-PASRestMethod.ps1#L128

Hey Pete,

I've been playing around with this, and when CyberArk throws an error, I get a secondary error on this line. See below.

Invoke-PASRestMethod : [500]
At C:\Users\user1\Documents\WindowsPowerShell\Modules\psPAS\Functions\Authentication\Close-PASSession.ps1:74 char:9
+         Invoke-PASRestMethod -Uri $URI -Method POST -Headers $session ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-PASRestMethod

ConvertFrom-Json : Invalid JSON primitive: The.
At C:\Users\user1\Documents\WindowsPowerShell\Modules\psPAS\Private\Invoke-PASRestMethod.ps1:128 char:30
+             $response = $_ | ConvertFrom-Json
+                              ~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [ConvertFrom-Json], ArgumentException
    + FullyQualifiedErrorId : System.ArgumentException,Microsoft.PowerShell.Commands.ConvertFromJsonCommand

In this case, the actual error is the following, which I grabbed using

Write-Host "StatusCode: " $_.Exception.Response.StatusCode.value__
Write-Host "StatusDescription: " $_.Exception.Response.StatusDescription
Write-Host "Response: " $_.Exception.Message

StatusCode:  500
StatusDescription:  System.ServiceModel.ServiceActivationException
Response:  The remote server returned an error: (500) Internal Server Error.

It seems to be choking on the first word of the 'Response' which is in the parameter "$_.Exception.Message"

pspete commented 7 years ago

Thanks for the report @wildunknown - I shall investigate

pspete commented 7 years ago

Hi @wildunknown

Any chance you can test the updated Invoke-PASRestMethod on the issue-36 branch and confirm if the issue is fixed?

What are the steps to reproduce the Internal Server Error?

Cheers,

Pete

wildunknown commented 7 years ago

That worked. I can't give a description on how to reproduce the internal server error. I'm not sure what is causing it. I just know it is preventing REST authentication in one of my environments.

pspete commented 7 years ago

Hey @wildunknown -

After testing out some more errors raised by any request that results in a 5xx status code, I've made another update to the issue-36 branch.

I've reverted back to the original error logic, but added error handling for times when the exception message is not in JSON format.

I want to ensure your issue is fixed before merging: Can you try out Invoke-PASRestMethod again and see if it still works in your scenario? All going well you should not see a difference to the previous version (i.e. should work).

Thanks,

Pete
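
The fallback described in the comment above, sketched as an added example that is not the psPAS code or anything from the issue-36 branch: parse the error text as JSON when possible, otherwise keep the original message so the real failure (a 500, a TLS trust error) is not hidden behind a secondary parse error. The function name, its output properties and the JSON field names `ErrorCode`/`ErrorMessage` are assumptions, and the sample inputs are constructed.

```powershell
# Added illustration: Get-RestErrorDetail and its output properties are hypothetical names.
function Get-RestErrorDetail {
    [CmdletBinding()]
    param(
        # Text taken from the failed request: a JSON error body, or plain exception text.
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string]$Message,

        [int]$StatusCode
    )

    # Start from the raw text so the original failure is never lost.
    $detail = [ordered]@{
        StatusCode = $StatusCode
        ErrorCode  = $null
        Message    = $Message
        WasJson    = $false
    }

    try {
        # Invalid JSON ("Invalid JSON primitive: The.") raises an exception here.
        $parsed = $Message | ConvertFrom-Json -ErrorAction Stop

        # Bare values such as "500" parse as valid JSON but carry no error fields,
        # so only trust the result when the expected property is present.
        if ($null -ne $parsed -and $parsed.PSObject.Properties['ErrorMessage']) {
            $detail.ErrorCode = $parsed.ErrorCode
            $detail.Message   = $parsed.ErrorMessage
            $detail.WasJson   = $true
        }
    }
    catch {
        # Not JSON: keep the raw text and raise no secondary error.
    }

    [pscustomobject]$detail
}

# Constructed sample inputs: an assumed JSON error body, the plain text from the
# report above, and a bare number that is valid JSON but not an error object.
$samples = @(
    '{"ErrorCode":"SAMPLE001","ErrorMessage":"Constructed sample message"}',
    'The remote server returned an error: (500) Internal Server Error.',
    '500'
)
$samples | ForEach-Object { Get-RestErrorDetail -Message $_ -StatusCode 500 }
```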

DanielKag commented 7 years ago

Hi Pete, I'm having a similar error with the latest version (downloaded it today).

I'm trying to perform a simple logon:

Get-Credential |
New-PASSession -BaseURI https://10.10.24.99/PasswordVault

And receive:

PS C:\Users\danielka\Desktop\ps> Get-Credential |
>> New-PASSession -BaseURI https://10.10.24.99/PasswordVault
>>

cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
Invoke-PASRestMethod : []
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\psPAS\Functions\Authentication\New-PASSession.ps1:166 char:18
+             $PASSession = Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body -Sessio ...
+    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-PASRestMethod

ConvertFrom-Json : Invalid JSON primitive: The.
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\psPAS\Private\Invoke-PASRestMethod.ps1:128 char:30
+             $response = $_ | ConvertFrom-Json
+                              ~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [ConvertFrom-Json], ArgumentException
    + FullyQualifiedErrorId : System.ArgumentException,Microsoft.PowerShell.Commands.ConvertFromJsonCommand

Maybe I'm doing something wrong? Daniel.

DanielKag commented 7 years ago

Ok maybe I was doing something wrong. After investigating the real error I got - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

Please ignore my comment

pspete commented 7 years ago

Hi @DanielKag

If using Invoke-PASRestMethod from the issue-36 branch - I would not expect the Invalid JSON primitive error to be shown.

If I force the SSL/TLS secure channel error my output looks like this:

> Close-PASSession -sessionToken $sessiontoken -BaseURI https://cyberark/
Invoke-PASRestMethod : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS
secure channel.
At C:\Users\petem\OneDrive\Documents\WindowsPowerShell\Modules\pspas\Functions\Authentication\Close-PASSession.ps1:74
char:9
+         Invoke-PASRestMethod -Uri $URI -Method POST -Headers $session ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-PASRestMethod

I only receive a single error, for which the message is The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

Is this different from what you see? Can you confirm that this is with the Invoke-PASRestMethod from the issue-36 branch?

Cheers,

Pete

pspete commented 7 years ago

@DanielKag - I just noticed

you specify New-PASSession -BaseURI https://10.10.24.99/PasswordVault

PasswordVault should be omitted from the BaseURI

You should make the logon call with: New-PASSession -BaseURI https://10.10.24.99/

pspete commented 7 years ago

Code merged into master branch - I believe the issue is resolved, if not, please reopen.

Cheers

Pete

27560 commented 6 years ago

I am attempting a webServericesLogin, and I am getting the following output:

StatusCode: 500
StatusDescription: System.ServiceModel.ServiceActivationException
Response: The remote server returned an error: (500) Internal Server Error.
False

This is an initial test of our cyberark API, not seeing anything show up in cyberarkwebsession logs either. Any clues as to what the issue is?

pspete commented 6 years ago

@27560 - maybe your web.config file is not correct? https://github.com/pspete/psPAS/issues/62#issuecomment-381428977

pspete commented 6 years ago

@27560 - except for CyberArk.WSAuthentication.Shared.AuthenticationService correct? Which should be set to defaultBinding, not httpsBinding. It would be better for you to raise your own issue and provide the required environment data required to properly understand the problem you face. This thread is unrelated and has been closed for a year...

27560 commented 6 years ago

Yes, I am going to have him change to defaultBinding this morning, and if issues continue I will start a new thread. Thank you for your help thus far :+1: